There's a reason for that — new rules from the European Union, called the General Data Protection Regulation, or GDPR, went into effect on Friday. The rules are aimed at improving the protection of consumer data, BBC explained, and they place the onus on companies to alert their customers about any personal information they may harvest.
So what exactly does that mean? According to the BBC, residents of the European Union now can now view any of their data that a company has obtained — and those organizations have to receive the consent of a user and have a "valid legal reason" to get that information. People can also request that companies delete any information about them.
The personal information that Europeans can request to be deleted includes birthday, employer information, political affiliation and location data, among others, according to Buzzfeed. And companies must alert people about a data breach within three days.
You're getting this mass of emails about privacy notices because the GDPR requires companies to clearly alert users about any "processing" of their data — and threatens them with a heavy fine if they don't comply, Buzzfeed reported. The punishment is up to 4 percent of a company's global revenue, or 20 million euros.
Yet many American companies have opted to block access to their websites in Europe rather than comply, as noted by Gizmodo. That includes the Los Angeles Times, the St. Louis Post-Dispatch and the Chicago Tribune.
Here's a message from the Los Angeles Times to European users, according to Gizmodo.
"Unfortunately, our website is currently unavailable in most European countries" it reads. "We are engaged on the issue and committed to looking at options that support our full range of digital offerings to the EU market. We continue to identify technical compliance solutions that will provide all readers with our award-winning journalism."
There are already some lawsuits centered on GDPR against Facebook and Google. Max Schrems, an Austrian lawyer, accused those companies of strong-arming users into giving up their data, which he said violates the new law.
“Facebook has even blocked accounts of users who have not given consent. In the end users only had the choice to delete the account or hit the ‘agree’ button – that’s not a free choice; it more reminds of a North Korean election process,” his statement read. “Many users do not know yet that this annoying way of pushing people to consent is actually forbidden under GDPR in most cases.”
So how is the law working? Gizmodo explained that "GDPR was supposed to inform consumers about the personal data being collected about them, and for what purpose. ... Consent had to be informed, unambiguous, and freely given. If people were put off by clear explanation of how their personal information was being used, then the behavior would stop."
But Giovanni Buttarelli, the European Data Protection supervisor, said "we are a little bit disappointed." He explained to Gizmodo that new policies “are written in perhaps a long and vague approach, perhaps in legalese, and this does not help people so they must be scrutinized carefully.”